The Right to Privacy in the Digital Age: Experience from Myanmar The Myanmar Centre for Responsible Business (MCRB) welcomes the opportunity to provide inputs into the UN OHCHR report on the right to privacy in the digital age. MCRB’s input focusses, inter alia on the following topics mentioned by the OHCHR: • • • digital identity systems rolled out by States and companies; use of biometrics for identification and authentication; targeted and mass surveillance, including of journalists and human rights defenders; Our inputs relate to experience gained from our work since 2013 on business and human rights in Myanmar, including digital rights. In 2014, MCRB commenced a Sector-Wide Impact Assessment (SWIA) of Myanmar’s ICT Sector. This drew on methodology developed for MCRB’s first two SWIAs on oil and gas and tourism, in which the UN Guiding Principles on Business and Human Rights (UNGPs) were central to the approach. The assessment, published in September 2015, analysed Myanmar’s ICT policy and regulatory framework from the perspective of whether it protected human rights. MCRB also undertook research on the ground based on interviews with various stakeholders and rights holders, including companies, users, and regulators. The SWIA covered offline rights related to the rapid rollout of Myanmar’s telecoms infrastructure, but also online rights with chapters on Freedom of Expression, ‘Hate Speech’, Privacy, Surveillance and Lawful Interception, and Cyber-Security. In the following seven years, MCRB has worked with government, business and civil society stakeholders to take forward the recommendations in the assessment and respond to the many new developments, including those which have occurred since the military’s seizure of power from an elected civilian government on 1 February 2021. MCRB has approached this input on privacy in the digital age from the perspective of responsible business and the UNGPs. These require companies to undertake human rights due diligence to identify any human rights impacts which companies may cause, contribute to, or be linked to. MCRB seeks to identify and share examples of actual and potential risks to help businesses prevent and mitigate impacts. Human rights risks, including but not limited to those relating to fundamental rights in the digital sphere, have been heightened for all companies operating in Myanmar following the military takeover on 1 February 2021, and not just for those in the ICT sector. For example, personal data held by companies such as personnel records, if obtained by public security forces, can lead to detention or torture, and even death. Our input identifies some examples which may be of relevance not only in Myanmar but also in other situations and is structured as follows. 1. 2. 3. 4. Lack of human rights safeguards in the legal framework ............................................................. 2 Low digital literacy and privacy awareness and practices amongst government and the public 4 Digital ID cards, Biometrics, and SIM Card Registration ............................................................... 5 Additional privacy-related human rights risks since 1 February 2021........................................ 11 1

Select target paragraph3